Your computer is infected with malicious software? Do you have pop-ups on your PC?
If so, search this blog for removal instructions or browse computer threats by category.

Monday, February 15, 2010

How to remove Security Essentials 2010 fake antivirus program? (Uninstall guide)

Tell your friends:
Security Essentials 2010 is a fake (rogue) antivirus program. It's a clone of Internet Security 2010. The same GUI only the name is different. Most importantly, don't confuse this rogue program with Microsoft Security Essentials which is perfectly legitimate software from reputable company. Name can be deceiving! This fake program is very irritating and if you are reading this article then you are probably infected with this scareware. Thankfully we've got several useful removal tips to help you remove Security Essentials 2010 for free.



This fake program is usually installed through the use of Trojans or other malicious software. It can be promoted via fake online scanners, misleading websites and even using social engineering methods. Once active, SecurityEssentials2010 loads many fake security warnings and popups claiming that your computer is badly infected, even though it's the only virus on your computer. The rogue program runs a fake system scan and reports false infections to scare you even more. Just like the fake security alerts, false computer threats should be ignore. Security Essentials 2010 is one of many fake antivirus applications that use various misleading methods to trick you into purchase the program. Don't do this! Instead, you should get rid of this annoying software as soon as possible.

Another very irritating thing is that Security Essentials 2010 blocks almost all programs on your computer and I'm not even talking about antivirus software. Usually, it displays an error message with the following text:

"Application cannot be executed. The file is infected. Please activate your antivirus software."

"ERROR
Application Error.The instruction at 0x009a6f9a referenced memory at 0x00000000. The memory could not be written.Click on OK to terminate the program."



"Critical Warning!
Critical System Warning! Your system is probably infected with a version of Trojan-Spy.HTML.Visafraud.a. This may result in website access passwords being stolen from Interner Explorer, Mozilla Firefox, Outlook etc. Click Yes to scan and remove threats. (recommended)"

It will also hijack your Desktop and change your default background to something like this:



As you can see, Security Essentials 2010 is a total scam. Don't pay for it! If you bought this malware, then contact your credit card company and dispute the charges. Next, read the removal guide below and remove Security Essentials 2010 from your PC for free one and for all. Good luck! By the way, if you have any questions, don't hesitate and ask.



Security Essentials 2010 removal instructions (method #1):

NOTE: complete steps 1-3 if you can't use Internet or download/install malware removal tools listed in step 4.


1. Download iexplore.exe (NOTE: iexplore.exe file is renamed HijackThis tool from TrendMicro).
Launch the iexplore.exe and click "Do a system scan only" button.
If you can't open iexplore.exe file then download explorer.scr and run it.

2. Search for such entries in the scan results:
F2 – REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O4 – HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 – HKCU\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 – HKCU\..\Run: [Security essentials 2010] C:\Program Files\Securityessentials2010\SE2010.exe
Select all such entries and click once on the "Fix checked" button. Close HijackThis tool.



3. Download the file LSPFix.zip and extract it into a folder on your PC.
Launch LSPFix. Place a tick in the "I know what I'm doing".
In the KEEP box select helper32.dll (or randomly named file such as lsawpeajpg.dll) and press ">>" button.
Press Finish>> button. Wait while LSPFix removes helper32.dll and displays a summary. Press OK.



4. Download one of the following legitimate anti-malware applications and run a quick system scan. Don’t forget to update it first. All programs a free.
NOTE1: if you can't run any of the above programs you must rename the installer of selected program before saving it on your PC. For example: if you choose MalwareBytes then you have to rename mbam-setup.exe to iexplore.exe, explorer.exe or any random name like test123.exe before saving it.

NOTE2: if you still can't run the renamed file then you need to change file extension too not only the name.
1. Go to "My Computer".
2. Select "Tools" from menu and click "Folder Options".
3. Select "View" tab and uncheck the checkbox labeled "Hide file extensions for known file types". Click OK.
4. Rename mbam-setup.exe to either test123.com or test123.pif
5. Double-click to run renamed file.



Removing Security Essentials 2010 in Safe Mode with Networking (method #2):

1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm



NOTE: Login as the same user you were previously logged in with in the normal Windows mode.
If you can't reboot your PC in Safe Mode with Networking, download SafeBootKeyRepair and run it. If the rogue program blocks it then download and run this file RenamedSBKRepair. Follow the prompts. Then reboot your PC in Safe Mode with Networking.

2.Download one of the following legitimate anti-malware applications and run a quick system scan. Don’t forget to update it first. All programs a free.


Security Essentials 2010 files and registry values:

Files:
  • C:\WINDOWS\system32\warnings.html
  • C:\WINDOWS\system32\helpers32.dll
  • C:\WINDOWS\system32\winlogon32.exe
  • C:\WINDOWS\system32\smss32.exe
  • C:\WINDOWS\system32\41.exe
  • %Temp%\250904.exe
  • %StartMenu%\Security essentials 2010.lnk
  • %Desktop%\Security essentials 2010.lnk
  • C:\ProgramFiles\Securityessentials2010\SE2010.exe
Registry keys and values:
  • HKEY_CURRENT_USER\Software\SE2010
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  • "Security essentials 2010"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "smss32.exe"

Share this information with other people:

26 comments:

grainne said...

I have been infected with the security ssential 2010 virus I am getting a fatal error messge when I try to start my laptop. I have tried your method 2 to boot up in safe mde with networking and am geting thefollowing application error The exception Privileged instruction. (0xc0000096) ccured in application at location 0x00083356 if I click OK to terminate or Cancel to ebug it tries to boot normally. My question is if I cant boot in safmode with networking how do I run a program ? FYI while I have been writing this the desktop as opened behind the winlogon.exe- Applcation error, If anyone can help, I mean step by step instructions I would be greatfull..Thanks

grainne said...

Another problem, I have managed to start in safe moe with networking. I use a mobile bradband with 3 g how do I access the internet when I cant select the 3g modem? HELP

Admin said...

grainne, when in Safe Mode, try to restore your computer to an earlier date when it was not infected.

dave said...

I just had this virus too and when I went through the steps to remove it and everything seemed ok, I went to change my background, now I have no background. Its blank and theres a scroll bar on the far right hand side of the window and all my icons are gone. Help?

Admin said...

Dave,

1. Press Ctrl+Shift+Esc (or Ctrl+Alt+Del) to open task manager
2. Goto processes and end exlporer.exe if it's there if not it's aleready ended
3. Go back to tasks
4. Click new task
5. In the field type exactly this: "C:\WINDOWS\explorer.exe" (without quotes)
6. now that should get your taskbar and icons back

Now, try to restore your PC to an earlier date when your PC as not infected. Good luck!

Anonymous said...

Hi Admin, i have done evertything like in your proposal no 1. Screen shot is not pop uping, i think virus is dont disturbing me now, but on backgroung i have still comunicate "your system is infected.." and on the main start windows tollbar icon security essentials is there. By second scannig with using HiJackthis, all previously 4 marked files are alredy uninstalled.
Thanks and regards from Poland
Dominik

Anonymous said...

sorry , i forgot, i cannot open task manger (ctrl alr del) the communicate " task manager has been off by administrator"

Dominik

Admin said...

Dominik, did you use Malwarebytes? If so, try to run a system scan with fully updated SUPERAntispyware. Good luck!

Anonymous said...

How can I update those programs when my internet is also down due to the virus... it has also killed the previous system restore points so can't use that either...

Tommy

Admin said...

Tommy, have you tried removing Security Essentials 2010 in Safe Mode with Networking?

Anonymous said...

Malwarebytes Cannot Remove This Trojan! It Makes Your Computer ADMIN Inoperable And All Systems! ONLY Way To Remove And Restore Your Computer Is To Install New System Leaving "Files Intact" Do Not Reformat! Very Important! Do Not Change File System! Re-Install As Directed. Once Installed Set Up New System Then Once In Windows On Your NEW SYSTEM Install Malwarebytes Update It Then Run A Scan And Delete All Trojans Then Restart Windows And Log Into Your Old System Then Run Malwarebytes Again!!! It Will Then Detect "Security Essentials 2010"! Select All Files And Delete! Then Reboot And SELECT Your Old System And It Be Cleaned! Your Screen Will Still Be Distorted By Security Essentials But Then Right Click On Screen And Click Properties Then Select Your Fav Screen! Then It Will Be Good As New No Files Lost!!!

Anonymous said...

I have the same virus. I tried to log in the Safe Mode but virus is getting smarter. It does not allow me to log in any of Safe Mode and even do not let me go furher than user password. It seems starting logging but then screen blinks and the next message reads you are logging off and saving your settings.

It probably started happening because I had tried deleting virus files in Safe Mode. And now it do not start at all. Any advice for such case? Thanks.

Anonymous said...

thanks helped but i would go to restore point as soon u do step 3 and the download one of the anti-malware applications

Anonymous said...

hi admin,

as i had removed the Security Essentials 2010, currently im facing a problem where some of the web page has been restricted.. problem occur when the Security Essentials 2010 infected my lappy. need ur advice asap...

Admin said...

Hi, what browser do you use? If IE, then check restricted sites list in "Internet Options".

Anonymous said...

Hi Admin
Virus SE successfully removed

Thanks
Dominik

Anonymous said...

After taking all the steps described above, when I tried to run a scan on Malware, it starts and after a few seconds, automatically restarts my comp, therefore not performing the scan, and leaving the Security Essentials 2010 unharmed on my comp. What shall I do?

Admin said...

Try to restore your PC to an earlier date when it was not infected or reboot your PC in Safe Mode with Networking (read removal method#2)and run a system scan with MalwareBytes or SUPERAntispyware.

Anonymous said...

Hi, I had the same virus, think I have got rid of the virus now but cannot get an internet connection or set one up, since you had great instructions for all I've done so far wondered if you had any ideas to get that back, cannot seem to do a system restore either.
Thanks

Anonymous said...

hi Admin,
My infected system does not allow me to access to the internet so i downloaded it to thumbdrive to transfer the file but i cant run and install the program in your steps mention as above

pls help

Anonymous said...

@ anonymous May 13 2010 - exact same with me. I successfully removed security essentials (??) and then could not get out of safe mode. Finally worked that out but now, my LAN is 'limited or no connectivity' and no matter what, I can't get it connected. All household laptops work fine, but the ethernet connected pc that had the security essentials won't connect to the network. Can anyone help?

John Thomas said...

oh my god this happened to me and doing this definitely works. thank you soooooo much and I love whoever created these programs to fix it. :) but i still dont know how i got it

Anonymous said...

i had a pretty similar virus, not exactly as described above but same microsoft security thing, couldnt open IE or mozilla, method 2 worked for me, just start in safe mode with networking and use quick scan malwarebytes, just make sure u have updated version as i did scan on old version and it didnt come up, malwarebytes update was blocked for me, not sure if that was the virus or just my firewall, but anyway just went to malwarebytes site and redownloaded which updated in that process, so this worked for me, thanks heaps

Anonymous said...

Dear Admin,

Thanks for all the insight. Unfortunately I'm still stuck after getting to the person in the response "Anonymous, February 17, 2010 8:00 PM".

To recap: I began deleting files as recommended by http://www.bleepingcomputer.com/virus-removal/remove-security-essentials-2010#files.

The virus got smart and stopped allowing me to access the system via safe mode. When the start up user login screen comes up I click on user name, it acts like it will log me on, but instead it then immediately logs me off.

Thanks in advance for your help,
Still Infected

fita said...

i'm looking for the free steps to uninstall this bad program.... i have to wait until 10 min just to start my comp... hikz... T_T

Anonymous said...

Safe mode with networking worked for me. Keep your definitions up to date or a new one will get you.